


ISBN-13: 9781119933243 / English / Paperback / 2023
Foreword
Preface
Introduction

Part I Foundational OSINT

Chapter 1 Open Source Intelligence
1.1 What Is OSINT?
1.2 A Brief History of OSINT
  The Past; The Present; The Future
1.3 Critical Thinking
1.4 Mental Health
1.5 Personal Bias
1.6 Ethics

Chapter 2 The Intelligence Cycle
2.1 What Is the Intelligence Cycle?
2.2 Planning and Requirements Phase
2.3 Collection Phase
  The Art of Pivoting; Overcoming OSINT Challenges; RESET Technique; Gap Analysis; Why We Have So Much Data
2.4 Documentation Methods
2.5 Processing and Evaluation Phase
  Scoping; Data Enrichment
2.6 Analysis and Production Phase
  Visualizations
2.7 Reporting
  Report Tone; Report Design; Example Report
2.8 Dissemination and Consumption Phases
  Tippers; Feedback Phase; Challenges in the Intelligence Cycle

Chapter 3 The Adversarial Mindset
3.1 Getting to Know the Adversary
3.2 Passive vs. Active Recon

Chapter 4 Operational Security
4.1 What Is OPSEC?
  Threat Modeling; Persona Non Grata Method; Security or "Baseball" Cards; Attack Trees
4.2 Steps for OPSEC
  Outlining the Five Steps of OPSEC; Step 1: Define Critical Information; Step 2: Analyze the Threat; Step 3: Determine Vulnerabilities; Step 4: Risk Assessment; Step 5: Apply Countermeasures
4.3 OPSEC Technology
  Virtual Private Network; Why Use a VPN?; Choosing a VPN; VPN Concerns; Privacy Browsers; Tor; Freenet; I2p; Virtual Machine; Mobile Emulator
4.4 Research Accounts
4.5 Congratulations!

Part II OSINT Touchpoints

Chapter 5 Subject Intelligence
5.1 Overview
  What Is Subject Intelligence?; Digital Footprint; Examining a Subject's Pattern of Life
5.2 Names
  Subject Names; Naming Conventions; Arabic Naming Conventions; Chinese Naming Conventions; Russian Naming Conventions; Name Searching Techniques
5.3 Subject Usernames
  Username Searching Techniques; Correlating Accounts and Subject Information by Username
5.4 Subject Emails
  How to begin connecting accounts; Correlating Accounts and Subject Information by Email; Google Accounts; Correlating an Email with a Domain; Email Verification; Privacy Emails; Data Breaches
5.5 Subject Phone Numbers
  Typing Phone Numbers to additional selectors; Correlating a Phone Number with a Subject; Phone Number Spoofing
5.6 Public Records and Personal Disclosures
  Methods for incorporating public records searches; Collecting Public Records Associated with a Subject; U.S. Official Public Record Sources; U.S. Unofficial Sources

Chapter 6 Social Media Analysis
6.1 Social Media
  Key Parts of Social Media; Collecting Social Media Data on a Subject; Correlating Subject Social Media Accounts; Subject Associations and Interactions on Social Media; User Media and Metadata; Social Media Pivots at a Glance
6.2 Continuous Community Monitoring
  Methods for the Continuous Monitoring of a Group; Facebook Groups; Telegram Channels; Reddit; 4chan and 8kun; I Joined a Community, Now What?; I Am Unable to Join a Community, Can I Still Monitor Them?
6.3 Image and Video Analysis
  How to Look at an Image/Video; Reverse Image Searching; Image-Based Geolocation; Image Analysis; Geolocation Steps; Image Analysis; Geolocation Steps; Image Analysis and Geolocation for Real-Time Events
6.4 Verification
  Misinformation, Disinformation, and Malinformation; How Do We Verify If Content Is Mis/Dis/Mal?; Spotting a Bot Account or Bot Network; Visualizing and Analyzing Social Networks; Spotting Digitally Altered Content; Photo Manipulation; Video Manipulation
6.5 Putting It All Together
  Chasing a Puppy Scam

Chapter 7 Business and Organizational Intelligence
7.1 Overview
  What Is Organizational Intelligence?
7.2 Corporate Organizations
  Understanding the Basics of Corporate Structure; Entity Types
7.3 Methods for Analyzing Organizations
  Government Sources and Official Registers; Edgar; Annual Reports and Filings; Annual Report to Shareholders; Forms 10-K, 10-Q, and 8-K; Digital Disclosures and Leaks; Organizational Websites; Social Media for Organizations; Business Indiscretions and Lawsuits; Contracts; Government Contracts; Contract Reading 101; Power Mapping; Tips for Analyzing Organizations Outside the United States; Canada; United Kingdom; China; Russia; Middle East
7.4 Recognizing Organizational Crime
  Shell Corporations; The "Tells"
7.5 Sanctions, Blacklists, and Designations
  Organizations that designate sanctions; The United Nations Security Council; The Office of Foreign Assets Control; Other Blacklists
7.6 501(c)(3) Nonprofits
  Primary Source Documents; IRS Form 990; IRS Tax Exempt Organization Search; Annual Reports; Consumer Reports and Reviews; Charity Navigator
7.7 Domain Registration and IP Analysis
  An Organization's IPs, Domain Names and Websites; What Is an IP address?; What Is a Domain Name?; What Is a Website, and Why Does All of This Matter?; Analyzing Organization Websites; Robots.txt; Website Design and Content; Website Metadata; Analyzing WHOIS Record Data; Analyzing IP Addresses; IP Addresses 101; What Can I Do with an IP Address?; Words of Caution

Chapter 8 Transportation Intelligence
8.1 Overview
  What Is Transportation Intelligence?; The Criticality of Transportation Intelligence; Visual Intelligence; Spotters; Social Media Disclosures; Webcam; Satellite Imagery; Signal Detection; Understanding Navigational Systems; Dark Signals; Signal Spoofing; Identity Manipulation; GNSS Jamming; GNSS Meaconing
8.2 Vessels
  Introduction to Maritime Intelligence; Types of Maritime Entities; Vessel Terminology; Maritime Discovery and Analysis Methods; Vessel Paths and Locations; Vessel Meetings; Port Calls; Maritime Entity Ownership and Operation; Maritime Critical Infrastructure and Entity Vulnerabilities; Ship-to-Shore Critical Infrastructure
8.3 Railways
  Introduction to Railway Intelligence; Types of Railway Entities; Railway Terminology; Railway Discovery and Analysis Methods; Visual Identification of Rail Lines; Railway Routes and Schedules; Railway Entity Ownership and Operation; Railway Critical Infrastructure and Entity Vulnerabilities
8.4 Aircraft
  Introduction to Aircraft Intelligence; Types of Aircraft; Parts of a Typical Jet; Aircraft and Air Travel Terminology; Aircraft Discovery and Analysis Methods; Identifying Aircraft; Flight Paths and Locations; Limiting Aircraft Data Displayed and Private ICAO Addresses Listings; Tracking Cargo; Notice to Air Missions (NOTAMs); Air Traffic Control Communications; Aerodromes; Geolocation and Imagery Analysis of Aircraft; Aviation Entity Ownership and Operation; Aviation Critical Infrastructure and Entity Vulnerabilities
8.5 Automobiles
  Introduction to Automotive Intelligence; Types of Automobile Entities; Automobile Terminology; Automobile Discovery and Analysis Methods; Identifying Automobiles; Tips for Monitoring and Analyzing Automobile Routes; Automobile Entity Ownership and Operation; Automobile Security and Technology

Chapter 9 Critical Infrastructure and Industrial Intelligence
9.1 Overview of Critical Infrastructure and Industrial Intelligence
  What Is Operational Technology?; What Is IoT and IIoT?
9.2 Methods for the Analysis of Critical Infrastructure, OT, and IoT Systems
  Planning the Analysis; Five Possible Information Gathering Avenues; Visualizations; Plotting Locations with Google Earth Pro; Using Premade Visualizations; Public Disclosures; Contracts; Social Media; Job Advertisements; Company Disclosures; Infrastructure Search Tools; Censys.io; Kamerka
9.3 Wireless
  Overview of Wireless Networks; Mobile Networks; War Driving; Low-Power Wide-Area Networks; Long Range Radio (LoRa); Wireless SSID, BSSID, MAC; Service Set Identifier (SSID); Basic Service Set Identifier (BSSID); Extended Service Set Identifier (ESSID); Media Access Control (MAC) Address
9.4 Methods for Analyzing Wireless Networks
  Information Gathering Techniques; Here are some pivots for wireless network information gathering; Wi-Fi Searching Techniques; WiGLE; Plotting Wireless Locations with Google Earth Pro; Tower Searching Techniques

Chapter 10 Financial Intelligence
10.1 Overview
  Financial Organizations; Financial Intelligence Units; Financial Crimes Enforcement Network; The Financial Action Task Force; The Federal Deposit Insurance Corporation; International Monetary Fund; Federal Financial Institutions Examination Council; The Office of Foreign Assets Control
10.2 Financial Crime and Organized Crime, Together Forever
  Transnational Criminal Organizations; Politically Exposed Person; Anti-Money Laundering; The Counter Financing of Terrorism; Tax Evasion, Tax Fraud, and Embezzlement
10.3 Methods for Analysis
  Financial Identifiers; Issuer Identification Number; Routing Number (ABA Routing Numbers); Society for Worldwide Interbank Financial Organization; Value-Added Tax; BIN-Bank Identification Number; Location-Based Resources; Drug Financing Analysis Resources; Organized Crime Analysis Resources; Negative News String Searching

Chapter 11 Cryptocurrency
11.1 Overview of Cryptocurrency
  The Basics of Cryptocurrency; How Is Cryptocurrency Used and Transferred?; What Is a Cryptocurrency Wallet?; What Is Blockchain?; Types of Cryptocurrencies; Coin and Token Quick Reference; Bitcoin; Ether; Binance; Tether; Solana; Dogecoin; Monero (XMR); What Is Cryptocurrency Mining and Minting?; Types of Verification; Public Blockchains vs. Private Blockchains; Why Tracking Cryptocurrency Matters; Money Laundering; Fraud, Illegal Sales, and CSAM/CSEM
11.2 The Dark Web
  Overview of the Dark Web; Darknet Marketplaces
11.3 Methods for Cryptocurrency Analysis
  Where to Begin?; Starting with a Subject of Interest; Starting with a Wallet of Interest; Tracing Cash-Outs at the Exchange Point; Following Cryptocurrency Mining Scripts; Starting with a Transaction of Interest

Chapter 12 Non-fungible Tokens
12.1 Overview of Non-fungible Tokens
  NFT Crimes; Ponzi Schemes and Rug Pulls; Fake NFTs; Get Rich Quick; Phishing
12.2 Methods for Analyzing NFTs
  By Wallet Number or Address; By Image; What Is ENS?; Look for Metadata

Chapter 13 What's Next?
13.1 Thank You for Diving In with Me
  Important Reminders

Index

RAE BAKER is a Senior OSINT Analyst on the Dynamic Adversary Intelligence team at Deloitte specializing in maritime intelligence, human intelligence, corporate reconnaissance, and U.S. sanctions research. Rae is also a licensed private investigator and owns Kase Scenarios, an immersive training experience geared toward readying individuals for real-life OSINT work.





